Monday, 2024-02-12

*** ralonsoh_ is now known as ralonsoh08:08
kevkomorning08:30
kevkomnasiadka bbezak some trivials ?  https://review.opendev.org/c/openstack/kolla-ansible/+/908429 https://review.opendev.org/c/openstack/kolla-ansible/+/907971 08:31
hamidlotfi_morning,08:38
hamidlotfi_I have an environment with Neutron OVS, after successful deployment, I went to update the environment with enable_neutron_agent_ha and then reconfigure, but nothing changed.08:38
hamidlotfi_please help me to resolve my problem.08:39
kevkohamidlotfi_: so you don't have l3_ha = true in your neutron.conf ? 08:40
kevkofor example ? 08:40
hamidlotfi_I set the `enable_neutron_agent_ha: "yes"` in my global.yml 08:41
kevkohamidlotfi_: yes, and i am asking if you have l3_ha = true in your /etc/kolla/neutron-server/neutron.conf on network node 08:41
hamidlotfi_Should I change anything else?08:41
kevkohamidlotfi_: firstly you should give an answer ...08:42
hamidlotfi_No, I didn't change ‍‍‍`/etc/kolla/neutron-server/neutron.conf‍`08:43
kevkohamidlotfi_: that was not my question ...question was if you have such option in this file ...08:43
hamidlotfi_No, I don't have `/etc/kolla/neutron-server/neutron.conf‍`08:44
mnasiadkamorning08:45
kevkohamidlotfi_: do you want to say that you don't have neutron-server ? :D 08:45
kevkoor you don't have that option inside ? :D 08:45
kevkomnasiadka: morning 08:45
mnasiadkaSvenKieske, frickler, bbezak: https://review.opendev.org/c/openstack/kolla-ansible/+/90840508:46
hamidlotfi_No, I say don't have this option.08:46
kevkohamidlotfi_: cool, version of kolla-ansible ? (or commit id ? )08:47
hamidlotfi_15.3.108:47
hamidlotfi_Also, I use from ZED version of openstack.08:48
kevkohamidlotfi_: can u say from where you downloaded kolla-ansible if official 15.3.1 don't exist  ? :D 08:49
kevkohamidlotfi_: https://pypi.org/project/kolla-ansible/#history08:49
hamidlotfi_let me check.08:50
hamidlotfi_I ran this command:08:51
hamidlotfi_`pip install git+https://opendev.org/openstack/kolla-ansible@stable/zed`08:51
hamidlotfi_https://pypi.org/project/kolla-ansible/15.3.0/08:51
kevkohamidlotfi_: so you installed via git ...ok 08:51
hamidlotfi_yes08:52
mnasiadkafrickler,SvenKieske,kevko, bbezak: with the service role for Nova and Cinder - initially I thought about removing admin role from nova/cinder users, but I'm not so sure about backporting that all the way to zed - so I left it there - WDYT?08:53
hamidlotfi_Is it not right?08:53
kevkomnasiadka: i don't think we need to remove admin in first step ...I think it's enough to provide service_tokens_role_required = service ... (default is admin ...and remember that this is not working correctly and returning wrong reply code for some action ... attach/detach ... but it's some time for now i've tested  )08:54
mnasiadkakevko: yes, that's why my approach is to add service (for backportability) and then remove admin only in master08:55
kevkomnasiadka: add service user is good step i think in all scenarios ...08:56
kevkos/user/role08:56
kevkomnasiadka: yeah, i think this can work i suppose08:57
mnasiadkawell, not all services support that, and we only need to backport nova/cinder mix to solve properly the sec bug08:57
mnasiadkaall the rest should be done in master only, especially ironic which bbezak is working on08:57
kevkomnasiadka: another question is if we will add service role for all users because it makes sense only in cinder<->nova08:57
kevkomnasiadka: okay you were first :D 08:58
mnasiadka:D08:58
kevkokevko: i don't know if i have some strict opinion ..because roles are checked in policies ... OR this service role is checked in a code somewhere If i remember (nova,cinder,os-brick)...because of some CVE reported  ...so if we add service role to all users ...it shouldn't break anything ...and apply our stuff in config for nova/cinder ...but as I09:01
kevkosaid ..i don't have strict opinion how to do it 09:01
kevkomnasiadka: ^^ :D 09:01
kevkomnasiadka: I would say if there is already service role ...IF someone will implement similar approach ... he will definitely use that service role ...09:02
hamidlotfi_kevko:  what should I do?09:02
kevkohamidlotfi_:  do you have ha_vrrp_health_check_interval = 5   in your /etc/kolla/neutron-l3-agent/l3_agent.ini ? 09:03
kevkohamidlotfi_: you said nothing is changed after reconfigure ...but from a code it's visible that you should have this option configured ... so if you have this in that config option ..you have this configured also before your reconfigure ..and that's the reason why nothing was changed 09:05
hamidlotfi_kevko:  Sorry I didn't add any options, so I have to add those options first and then run the reconfigure.09:10
kevkohamidlotfi_: haha, it's very hard with you :D 09:10
hamidlotfi_I thought that by activating the ‍‍‍`enable_neutron_agent_ha: "yes"` option, it would write the settings required by the service. 😉09:11
kevkohamidlotfi_: and I am asking if you have rendered such option in config file :D 09:12
kevkohamidlotfi_: https://github.com/openstack/kolla-ansible/blob/673eda91a431c41bb69b42050aac946cc04a604d/ansible/roles/neutron/templates/l3_agent.ini.j2#L13C1-L15C1209:12
hamidlotfi_No 😁09:12
kevkohamidlotfi_: so I am asking for the last time ..do you have such option rendered which is dependent on enable_neutron_agent_ha ? 09:13
kevkohamidlotfi_: so, it means you didn't set that option correctly ...because jinja din't rendered it ! 09:13
kevkohamidlotfi_: check your config and try again 09:13
hamidlotfi_Ok, thank you for your time and response.09:14
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection  https://review.opendev.org/c/openstack/kayobe/+/90277210:41
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Ironic: enable elevated access for users with service role  https://review.opendev.org/c/openstack/kolla-ansible/+/90800710:57
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Add service role to ironic service users  https://review.opendev.org/c/openstack/kolla-ansible/+/90858010:57
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Template system scoped admin-openrc and clouds.yml files  https://review.opendev.org/c/openstack/kolla-ansible/+/90816810:57
opendevreviewBartosz Bezak proposed openstack/kolla-ansible master: Revert "Disable new defaults and scope for Ironic (RBAC)"  https://review.opendev.org/c/openstack/kolla-ansible/+/90727410:57
opendevreviewMatúš Jenča proposed openstack/kolla-ansible master: Implement Redis as caching backend  https://review.opendev.org/c/openstack/kolla-ansible/+/90397811:43
kevkomnasiadka: I'm messing around with the kolla code .... correct me if I am wrong ..but  as per https://review.opendev.org/c/openstack/kolla/+/246762 we are using virtualenv to avoid conflicts with system packages ..... BUT during the time we added --system-site-packages  ...so it don't makes sense to use virtualenv :D :D :D 12:33
kevkoand adding usseless complexity ...why ? 12:35
opendevreviewhilal alsac proposed openstack/kolla-ansible master: use haproxy_backend_http_extra and haproxy_backend_tcp_extra in haproxy-config template  https://review.opendev.org/c/openstack/kolla-ansible/+/90877212:44
opendevreviewhilal alsac proposed openstack/kolla-ansible master: use haproxy_backend_http_extra and haproxy_backend_tcp_extra in haproxy-config template  https://review.opendev.org/c/openstack/kolla-ansible/+/90877212:48
mnasiadkakevko: and why do you think without a venv is better? we're using --system-site-packages probably due to Ansible and selinux? Propose something constructive, I don't believe venv is adding useless complexity, people are running more things than just kolla build on their hosts.13:16
mnasiadkaah, you mean the images13:17
mnasiadkawell, PTG is coming, feel free to propose something - I'll create an etherpad13:17
mnasiadkakevko, frickler: https://review.opendev.org/q/project:openstack/kolla+status:open+NOT+label:Workflow%3C%3D-1+NOT+label:Code-Review%3C%3D-2+label:Review-Priority%3D1 - would be nice to progress with those13:38
opendevreviewMichal Nasiadka proposed openstack/kolla master: Add ovn-bgp-agent / FRR / Horizon BGPVPN dashboard  https://review.opendev.org/c/openstack/kolla/+/89161713:49
opendevreviewMatt Crees proposed openstack/kayobe master: Fix: configure etc-hosts for overcloud group  https://review.opendev.org/c/openstack/kayobe/+/90730613:54
opendevreviewMichal Nasiadka proposed openstack/kolla-ansible master: cinder: Stop using admin service token  https://review.opendev.org/c/openstack/kolla-ansible/+/90840514:28
opendevreviewSeunghun Lee proposed openstack/kayobe master: Make matching OVS agent independent to OVN if OVS is explicitly enabled  https://review.opendev.org/c/openstack/kayobe/+/90772114:54
*** jph3 is now known as jph15:06
opendevreviewDawud proposed openstack/kolla-ansible master: Remove the `grafana` volume  https://review.opendev.org/c/openstack/kolla-ansible/+/89913616:14
opendevreviewRafal Lewandowski proposed openstack/kayobe master: Add Redfish rules to Ironic and Bifrost introspection  https://review.opendev.org/c/openstack/kayobe/+/90277218:33
wncsllnhello o/, anyone already saw this error "nova | Ensure RabbitMQ users exist (5 retries left)." on rabbitmq reconfigure?20:28
wncsllnif i list rabbit vhosts, nothing appears20:28

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!